CVE-2019-10083

Summary

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.

Affected Software

VendorProductVersion RangeStatus
n/aApache NiFiApache NiFi 1.3.0 to 1.9.2affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References